In what initially seemed to be a contained cyberattack, recent revelations have clarified that the city of Columbus has suffered a severe breach of data, with repercussions that ripple out to potentially hundreds of thousands of private citizens. Columbus Mayor Andrew Ginther previously stated the data stolen last month by hackers was encrypted or corrupted, proclaiming it unusable. These assurances, as communicated in a Columbus statement, stand seemingly at odds with the subsequent findings revealed by cybersecurity experts.
Further investigation has illuminated a far more concerning scenario. Cybersecurity expert Connor Goodwolf, under a pseudonym, told WBNS that over 400,000 private citizens' personal information is readily available on the dark web. This pool of individuals is vast, encompassing those who had swiped their driver's license at city hall within the last decade, and those with any dealings with the Columbus City Attorney's Prosecuting Office. The breach, claimed by the overseas ransomware organization Rhysida, shines a light on the digital vulnerabilities within our municipal fortifications.
Despite Mayor Ginther's assertions that no ransom was demanded, the situation's gravity has now been further underscored. NBC4i obtained what they referred to as just the “tip of the iceberg” of the compromised data. According to details shown to NBC4i, names of domestic violence victims, Social Security numbers for police officers, and crime victims have been laid bare, along with sensitive information about city hall visitors that could date back twenty years.
Connor Goodwolf shared with NBC4i that what he had accessed from the data dump totaled approximately 3.1 terabytes in size, a small fraction of the 6.5 TB originally claimed by the attackers. Within this sample, server records, and ID scanning system logs from Columbus City Attorney Zach Klein’s office were discovered. Mayor Ginther's earlier statement, where he pointed out that sensitive files were either encrypted or failed to make them usable, echoes with a certain irony now, in the widening circle of compromised private information.
.jpg){kind=link}